News in 2007

2007-12-27 release 0.5 of nss-ldapd
This release brings a number of major structural internal changes.
The code is now in a state that features may be re-added.
This release is well-tested and should be stable, although it introduces
a lot of changed code so there may be issues that are overlooked
(see the README and TODO files for missing and unsupported features).
changes since 0.4.1:

major structural changes in the LDAP lookup code using a newly implemented
module that does memory management, session handling, paging and all other
painful things with a simple interface

rewritten LDAP query and result handling code, now generating warnings
about incorrect entries in the LDAP directory

IPv6 addresses in host lookups are now supported

added Kerberos ccname support (with the krb5_ccname option) thanks to
Andreas Schneider and Ralf Haferkamp from SuSE, and removed the
--with-gssapi-dir, --enable-configurable-krb5-ccname-gssapi and
--enable-configurable-krb5-ccname-env configure options in favour of
automatic detection

added support for DNS SRV record lookups by specifying DNS as uri thanks to
Ralf Haferkamp and Michael Calmer from SuSE

added support for DOMAIN as base DN which uses the host's domain to
construct a DN

removed nss_connect_policy, bind_policy and sizelimit options

cleaned up and documented reconnect logic with reconnect_tries,
reconnect_sleeptime and reconnect_maxsleeptime options

configuration values with spaces in them (e.g. distinguished names) are now
handled properly

2007-11-20 about race condition in nss_ldap
A race condition (CVE-2007-5794) in nss_ldap was found that, under certain
circumstances, could cause NSS functions to return incorrect data which may
in turn have security implications.
nss-ldapd is not affected by this problem.
Although nss-ldapd shares quite a bit of code with nss_ldap,
no persistent connections exist within the NSS module because the connection
to the LDAP server is only persistent in the local nslcd daemon.

2007-10-26 release 0.4.1 of nss-ldapd
This release fixes some bugs in the 0.4 release. This release does not
introduce major code changes.
changes since 0.4:

added French debconf translation by Cyril Brulebois

added Japanese debconf translation by Kenshi Muto

fix a problem with network name lookups where the lookup would result
in the wrong call to nslcd

fix wrong default filter for rpc lookups

fix a number of memory leaks (thanks valgrind)
(all memory leaks during normal operation should be fixed now)

2007-10-05 release 0.4 of nss-ldapd
This is another release of nss-ldapd with some major changes.
This release has undergone code cleanup mostly in the LDAP query
and connection parts.
Development on nss-ldapd is still ongoing and may see several
major changes before a first stable release. This release removes around
25% of the code (relative to 0.3) and some quick tests show that NSS
lookups are much faster than with nss_ldap (a simple shell script that
spawned getent queries was 4 times as fast). It should be noted that
small lookups are especially faster, probably due to removed complexity
in locking.
This release also removes some features that were present in the original
nss_ldap module. The focus is still on improving the codebase. If important
features are missing, these can be added later on upon request.
changes since 0.3:

remove nss_schema configfile option

temporarily removed support for uniqueMember group membership attributes
(will be re-added in a later release)

removed support for nested groups; if this is really needed (please
ask or file a bug if you want it) it can be re-added later on

added missing docbook sources for manual pages to tarball

major cleanups and simplifications in the core LDAP query code (we
don't need to worry about SIGPIPE because nslcd does that globally,
or about locking because a connection is only used by one thread) and
more simplifications in the LDAP connection and query state

get base, scope, filter and map configfile directives properly
working

simplifications in LDAP reconnect logic (some work remains to be
done in this area)

issue warnings or errors for untested or unsupported configuration
options

properly handle multiple URIs in Debian configuration

documentation improvements

Get this release from the downloads section.
Any bug reports or success stories are more than welcome.

2007-08-26 release 0.3 of nss-ldapd
This is another release of nss-ldapd with some major changes.
This release has undergone code cleanup mostly in the configuration
and attribute mapping parts. These changes should pave the way for
simplifications to the LDAP query core.
This release should be usable for most common environments, although
handling of unavailability of the LDAP server is still not very elegant.
Development on nss-ldapd is still ongoing and may see several
major changes before a first stable release.
This release also removes some features that were present in the original
nss_ldap module. The focus is still on improving the codebase. If important
features are missing, these can be added later on upon request.
changes since 0.2.1:

a bug in the communication buffer handling code was fixed

a bug in the dictionary code was fixed (code not yet in use)

a fix for the init script that used a wrong pidfile

configuration file handling code was rewritten to be more
maintainable

some configuration file options have changed which means that
compatibility with the nss_ldap configuration file is lost

configuration syntax is now documented in the
nss-ldapd.conf(5) manual page

general code reorganisation and clean-ups to achieve another 9%
code reduction relative to 0.2.1 release (more than 40% relative to
nss_ldap)

SASL, Kerberos and SSL/TLS support remain untested

Get this release from the downloads section.
Any bug reports or success stories are more than welcome.

2007-06-17 release 0.2.1 of nss-ldapd
This is a quick update to the earlier 0.2 release of nss-ldapd.
This release fixes a number of build and runtime problems
and does not include any new features or new code.
changes since 0.2:

fix permissions of server socket (this fixes a problem where non-root users
were unable to do lookups)

2007-06-11 release 0.2 of nss-ldapd
This is the second public release of nss-ldapd.
It is developed as a drop-in replacement for
nss_ldap.
This release has undergone several improvements and should be
usable (it is in use in several smaller production environments
without any problems).
Development on nss-ldapd is however still ongoing
and may see several major changes before a first stable release.
changes since 0.1:

fixes in the netgroup lookup code

more simplifications and improvements in the code: almost 5% code
reduction (compared to release 0.1) and 37% reduction in gcc warnings
(from 443 in 251 to 389 in 0.1 and 244 in 0.2)

a lot of code improvements thanks to flawfinder, more gcc warnings,
splint and rats

license change from GNU Library General Public License to GNU Lesser
General Public License (with the permission of Luke Howard)

fix logging code to be cleaner and always use our own logging
module

a start has been made to make the code more testable and initial work
to set up a testing framework has been done

implemented a time out mechanism in the communication between the NSS
part and the nslcd server part

Get this release from the downloads section.
Work is under way in a separate development branch to completely rewrite
the LDAP interface code.
